Right now, one would still have to do TCP segment reassembly in
userspace, but that isn't quite so bad...
One can do most of this right now using rdr to a local proxy (and have
the OS deal with reassembling the stream), but it isn't amazingly fast.
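The userspace reassembly mentioned above, as an added example (it is not code from the thread, from pf or from any of the posters). It assumes the inspector gets raw segments from the kernel (for instance via bpf) already parsed down to (seq, payload) tuples, so it has to rebuild the byte stream itself; with a pf rule like `rdr on $int_if proto tcp from any to any port 80 -> 127.0.0.1 port 8080` and a local proxy, the kernel's own TCP stack would do this work instead. The segments below are constructed, not captured. Besides filling holes and handling out-of-order arrival and 32-bit wraparound, it counts bytes that arrive twice with different values, because an endpoint may resolve such an overlap differently from the sensor and that ambiguity is exactly what an inspector should report rather than silently pick a side on.

```python
"""Userspace TCP segment reassembly for one direction of a flow (added example)."""
from dataclasses import dataclass, field

MASK = 0xFFFFFFFF  # TCP sequence numbers are 32-bit and wrap


@dataclass
class Reassembler:
    isn: int                      # sequence number of the first byte we expect
    policy: str = "first"         # on conflicting overlap: "first" keeps earlier data, "last" prefers newer
    stream: bytearray = field(default_factory=bytearray)  # contiguous bytes delivered so far
    pending: dict = field(default_factory=dict)           # stream offset -> byte, waiting for a hole
    conflicts: int = 0            # bytes seen twice with different values (evasion signal)

    def feed(self, seq: int, payload: bytes) -> bytes:
        """Accept one segment; return whatever new contiguous data it released."""
        for i, b in enumerate(payload):
            off = (seq + i - self.isn) & MASK   # position in the stream, modulo 2^32
            if off < len(self.stream):
                # Retransmission of data already handed to the inspector: only
                # worth noting if the retransmitted byte disagrees with it.
                if self.stream[off] != b:
                    self.conflicts += 1
                continue
            if off in self.pending and self.pending[off] != b:
                self.conflicts += 1
                if self.policy == "first":
                    continue                 # keep the copy we saw first
            self.pending[off] = b
        # Hand over everything that is now contiguous with the stream head.
        start = len(self.stream)
        while len(self.stream) in self.pending:
            self.stream.append(self.pending.pop(len(self.stream)))
        return bytes(self.stream[start:])


def reassemble(segments, isn, policy="first"):
    """Feed (seq, payload) segments in arrival order.
    Returns (reassembled stream, conflicting bytes, bytes still buffered)."""
    r = Reassembler(isn=isn, policy=policy)
    for seq, payload in segments:
        r.feed(seq, payload)
    return bytes(r.stream), r.conflicts, len(r.pending)


# Constructed sample: an HTTP request line split into three segments that
# arrive out of order, plus a conflicting retransmission of the middle one.
ISN = 1000
SEGMENTS = [
    (1016, b"HTTP/1.0\r\n"),   # last segment arrives first
    (1008, b"ex.html "),
    (1008, b"ex.EVIL "),       # same range, different bytes: which copy the host keeps is OS-dependent
    (1000, b"GET /ind"),       # fills the hole and releases everything
]

if __name__ == "__main__":
    for policy in ("first", "last"):
        stream, conflicts, buffered = reassemble(SEGMENTS, ISN, policy)
        print(policy, stream, "conflicts:", conflicts, "buffered:", buffered)
```

Both policies report four conflicting bytes for the sample; they differ only in which request line the inspector ends up looking at, which is the point: the policy has to match the target host's TCP stack, or the sensor can be shown one thing while the server sees another.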
Not that deep packet inspection is going
There is a sort of IDS called static. Such IDS don't actually
catch anomalies; they watch a flow's normality, so
all traffic other than normal is assumed to be anomalous.
Check out the SANS reading room...
SPADE
SPADE stands for the Statistical Packet Anomaly Detection Engine.
It is a Snort preprocessor plugin which sends alerts about anomalous
packets through the standard Snort reporting mechanisms.
http://www.silicondefense.com/software/spice/index.htm
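A scorer in the style described above, as an added example (it is not SPADE's code and not from the thread). It keeps SPADE's core idea, that a packet's anomaly score is -log2 of the probability the sensor has assigned to its destination address/port pair from the traffic seen so far, and simplifies the rest: counts are never aged out, and a never-seen pair is smoothed with a pseudo-count of one rather than getting probability zero. The baseline and probe packets are constructed tuples, not captured traffic, and the threshold of 6 bits is an arbitrary choice for the demonstration.

```python
"""SPADE-style statistical anomaly scoring over packet headers (added example)."""
import math
from collections import Counter


class Spade:
    def __init__(self, threshold):
        self.threshold = threshold   # report packets whose score exceeds this many bits
        self.seen = Counter()        # (dst_ip, dst_port) -> times observed
        self.total = 0

    def observe(self, dst_ip, dst_port):
        self.seen[(dst_ip, dst_port)] += 1
        self.total += 1

    def probability(self, dst_ip, dst_port):
        # Add-one smoothing (simplification): an unseen pair gets 1/(total+1), never zero.
        return (self.seen[(dst_ip, dst_port)] + 1) / (self.total + 1)

    def score(self, dst_ip, dst_port):
        """Anomaly score in bits: the rarer the pair, the higher the score."""
        return -math.log2(self.probability(dst_ip, dst_port))

    def process(self, dst_ip, dst_port):
        """Score one packet against the model, then let the model learn from it.
        Returns the score if the packet is anomalous, else None."""
        s = self.score(dst_ip, dst_port)
        self.observe(dst_ip, dst_port)
        return s if s > self.threshold else None


def train(detector, packets):
    for dst_ip, dst_port in packets:
        detector.observe(dst_ip, dst_port)


def detect(detector, packets):
    """Return [(dst_ip, dst_port, score)] for the packets the detector flags."""
    alerts = []
    for dst_ip, dst_port in packets:
        s = detector.process(dst_ip, dst_port)
        if s is not None:
            alerts.append((dst_ip, dst_port, round(s, 2)))
    return alerts


# Constructed baseline: a web server that also takes a little mail, plus one ssh session.
BASELINE = [("10.0.0.5", 80)] * 90 + [("10.0.0.5", 25)] * 9 + [("10.0.0.9", 22)]
# Constructed probe traffic: normal requests, then a port the site has never served, twice.
PROBES = [("10.0.0.5", 80), ("10.0.0.5", 25), ("10.0.0.5", 31337), ("10.0.0.5", 31337)]


def demo(threshold=6.0):
    """Train on BASELINE, run PROBES through the detector; return (detector, alerts)."""
    d = Spade(threshold)
    train(d, BASELINE)
    return d, detect(d, PROBES)


if __name__ == "__main__":
    d, alerts = demo()
    for ip, port in PROBES:
        print(ip, port, round(d.score(ip, port), 2))
    print("alerts:", alerts)
```

Only the first packet to port 31337 is reported: the second one is scored after the model has learned from the first, so it lands just under the threshold. That is the caveat with this class of detector, and the reason real deployments age counts and tune thresholds: anything repeated often enough becomes "normal".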
On Linux, Snort-Inline gets its packets from iptables via libipq/ip_queue.
How would a port of snort_inline get its packets from pf to userland and
return them?
I know that in FreeBSD you could do it with a divert socket. But I don't
know of anything like it in OpenBSD.
What would be the best way?
Hi,
At the university I am working on a project where I have to implement deep
packet inspection (payload inspection) with some firewall (I picked OpenBSD's
pf); currently I am thinking about the design and implementation of that. One of
the most obvious options is to rdr packets to a user-land proxy
On Tue, Sep 30, 2003 at 04:23:45AM +, [EMAIL PROTECTED] wrote:
At the university I am working on a project where I have to implement deep
packet inspection (payload inspection) with some firewall (I picked OpenBSD's
pf); currently I am thinking about the design and implementation of that. One
I also have to implement something like this, and I was wondering if I
can make a userland program to read the packets from kernel land using
ioctl instead of rdr?
Daniel Carneiro wrote:
I was wondering if I can make a userland program to read the packets
from kernel land using ioctl instead of rdr?
man tun
man bpf
On Tuesday 30 September 2003 06:23, [EMAIL PROTECTED] wrote:
What are the possible ways of implementing payload inspection in the
kernel? How is it possible to pass data from kernel space to
user space (with the kernel being the initiator of that transfer)?
This is pretty funny, I'm writing something like
What are the possible ways of implementing payload inspection in the
kernel? ...
And what's the point of writing that e-mail if you don't
describe your atypical way?
What's the point in writing follow-ups to this really OT thread at all?
And my piece for the atypical way: Take a look at Net-/FreeBSDs